RHSA-2012:1223: java-1.7.0-openjdk security update

Available Exploits

Description

These packages provide the OpenJDK 7 Java Runtime Environment and theOpenJDK 7 Software Development Kit.Multiple improper permission check issues were discovered in the Beanscomponent in OpenJDK. An untrusted Java application or applet could usethese flaws to bypass Java sandbox restrictions. (CVE-2012-4681,CVE-2012-1682, CVE-2012-3136)A hardening fix was applied to the AWT component in OpenJDK, removingfunctionality from the restricted SunToolkit class that was used incombination with other flaws to bypass Java sandbox restrictions.(CVE-2012-0547)All users of java-1.7.0-openjdk are advised to upgrade to these updatedpackages, which resolve these issues. All running instances of OpenJDK Javamust be restarted for the update to take effect.